I'll qualify this by saying I haven't done much testing of IE7, but from
what I have seen so far, it just sees any page asking for a userid and
password (providing it recognises the userid and password fields) as a
Phising page.

We perform controlled phishing attacks on our global attacks almost
daily. I
can say the IE7 phsihing filter has never detected any of our sites. I'm
guessing this is due to a white-listing approach and all of our attacks
are
one-off.

My thoughts on an effective anti-phishing browser solution would also
need
to have the ability to be updated. Example- If the company had a widget
that
would detect directed phishing attacks.. Then this information could be
disseminated to the toolbar to stop users from visiting the site. This
could
also be synced to remote users.

Or is this redundant because it should be done in a content management
solution?